CBAC continues to delete half-open connection requests as required until the number of existing half-open sessions drops below a second, lower threshold (set with ip inspect max-incomplete low number or ip inspect one-minute low number). See Table 5-1 for more details on these commands and their threshold values.
Table 5-1. Global Timeout and Threshold Values

| Timeout or Threshold Value | Command | Default |
| --- | --- | --- |
| The length of time the software waits for a TCP session to reach the established state before dropping the session | ip inspect tcp synwait-time seconds | 30 seconds |
| The length of time a TCP session will still be managed after the firewall detects a FIN exchange | ip inspect tcp finwait-time seconds | 5 seconds |
| The length of time a TCP session will still be managed after no activity (the TCP idle timeout) | ip inspect tcp idle-time seconds | 3600 seconds (1 hour) |
| The length of time a UDP session will still be managed after no activity (the UDP idle timeout) | ip inspect udp idle-time seconds | 30 seconds |
| The length of time a DNS name lookup session will still be managed after no activity | ip inspect dns-timeout seconds | 5 seconds |
| The number of existing half-open sessions that will cause the software to start deleting half-open sessions | ip inspect max-incomplete high number | 500 existing half-open sessions |
| The number of existing half-open sessions that will cause the software to stop deleting half-open sessions | ip inspect max-incomplete low number | 400 existing half-open sessions |
| The rate of new unestablished sessions in 1-minute intervals that will cause the software to start deleting half-open sessions | ip inspect one-minute high number | 500 half-open sessions per minute |
| The rate of new unestablished sessions in 1-minute intervals that will cause the software to stop deleting half-open sessions | ip inspect one-minute low number | 400 half-open sessions per minute |
| The number of existing half-open TCP sessions with the same destination host address that will cause the software to start dropping half-open sessions to the same destination host address | ip inspect tcp max-incomplete host number block-time minutes | 50 existing half-open TCP sessions; 0 minutes |
The information in Table 5-1 is taken from "Configuring Context-Based Access Control" at
http://www.
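The start/stop pair of thresholds in Table 5-1 is easier to reason about as a small simulation. The model below is an added example written for this page; it is not Cisco code and does not reproduce IOS internals. It assumes, because the page does not say, that half-open sessions are deleted oldest-first and one per new connection request while the "deleting" state is active, and that a per-host block-time greater than 0 clears every half-open session to that host and refuses new ones until the block expires. The one-minute rate thresholds are not modelled. The class and method names (CbacHalfOpenTracker, new_connection, established) are hypothetical.

```python
"""Toy model of CBAC half-open session thresholds from Table 5-1.

Added example, not Cisco code. Assumptions (not stated on the page):
oldest-first deletion, one deletion per new request while in the
deleting state, and block-time > 0 clears and blocks the target host.
"""
from collections import OrderedDict


class CbacHalfOpenTracker:
    def __init__(self, max_incomplete_high=500, max_incomplete_low=400,
                 host_max_incomplete=50, block_time_minutes=0):
        # Default values are taken from Table 5-1.
        self.high = max_incomplete_high
        self.low = max_incomplete_low
        self.host_max = host_max_incomplete
        self.block_time = block_time_minutes
        self.deleting = False            # set once the count rises above high
        self.half_open = OrderedDict()   # session id -> destination host, oldest first
        self.blocked_until = {}          # host -> minute at which its block expires
        self.dropped = []                # (session id or None, reason) audit log
        self._next_id = 0

    def _host_count(self, host):
        return sum(1 for h in self.half_open.values() if h == host)

    def _delete(self, sid, reason):
        del self.half_open[sid]
        self.dropped.append((sid, reason))

    def _recheck(self):
        # Deleting stops only once the count falls below the low watermark.
        if self.deleting and len(self.half_open) < self.low:
            self.deleting = False

    def new_connection(self, dst_host, now_minutes=0):
        """Record a new unestablished (SYN-only) session.

        Returns the session id, or None if the request was refused.
        """
        # A host-level block is still in force (only possible when block-time > 0).
        if self.blocked_until.get(dst_host, -1) > now_minutes:
            self.dropped.append((None, "host-blocked"))
            return None

        # Per-host threshold: ip inspect tcp max-incomplete host number block-time minutes
        if self._host_count(dst_host) >= self.host_max:
            victims = [s for s, h in self.half_open.items() if h == dst_host]
            if self.block_time > 0:
                for s in victims:
                    self._delete(s, "host-threshold")
                self.blocked_until[dst_host] = now_minutes + self.block_time
                self.dropped.append((None, "host-blocked"))
                self._recheck()
                return None
            self._delete(victims[0], "host-threshold")  # oldest half-open to this host

        sid = self._next_id
        self._next_id += 1
        self.half_open[sid] = dst_host

        # Global thresholds: ip inspect max-incomplete high / low
        if len(self.half_open) > self.high:
            self.deleting = True
        if self.deleting:
            oldest = next(iter(self.half_open))
            if oldest != sid:
                self._delete(oldest, "global-threshold")
        self._recheck()
        return sid

    def established(self, sid):
        """Three-way handshake completed: the session is no longer half-open."""
        self.half_open.pop(sid, None)
        self._recheck()

    def count(self):
        return len(self.half_open)


if __name__ == "__main__":
    # Constructed scenario with small thresholds so the hysteresis is visible.
    t = CbacHalfOpenTracker(max_incomplete_high=5, max_incomplete_low=3,
                            host_max_incomplete=10)
    for i in range(7):
        t.new_connection("192.0.2.%d" % i)
    print("half-open:", t.count(), "deleting:", t.deleting, "dropped:", t.dropped)
```

The point the two watermarks make is visible in the run: once the count crosses the high value every new request costs the oldest half-open session, and the firewall keeps doing that until enough sessions either complete their handshake or time out to bring the count under the low value, rather than flapping around a single threshold.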